Cybercriminals are combining system disruption with demands for cash, or cryptocurrency, in ransomware attacks that are happening more and more frequently.
One particular ransomware campaign called FakeUpdates, reports Politico, uses fake browser update notifications to trick computer users into downloading or releasing malware onto their systems. The malware can then infiltrate whole IT networks and take down essential business processes.
Politico cites a recent blog post by US cybersecurity company FireEye, which says some attacks on companies are occurring “en masse” via the FakeUpdates campaign, which first surfaced in April 2018. The campaign has appeared frequently in reports of cyber-attacks between May and September this year. FireEye says:
“Understanding that normal business processes are critical to organisational success, these ransomware campaigns have been accompanied with multi-million dollar ransom amounts.”
In a ransomware attack, malicious software, or malware, is released into an organisation’s computer network. It can completely take down systems and be controlled externally by the cybercriminals involved. Once these criminals have control of a computer system, often shutting down key business processes, they demand massive ransoms in return for restoring business functionality or even returning stolen data.
FakeUpdates is back
FireEye first identified the FakeUpdates campaign in April 2018 and now believes the attack method is back. Cybercriminals use compromised websites to deliver their malware, often Trojan software, disguised as Chrome, Internet Explorer, Opera, or Firefox browser updates.
When fake browser updates are activated, the attack begins in earnest. Some of the compromised websites have been those with old Content Management System (CMS) applications. This is a notable warning for businesses that use older CMS applications for their websites. Keeping all systems and software, including any published websites, up to date is vital to the cybersecurity of an organisation.
FireEye says:
“We have seen ransomware graduate from a nuisance malware to one being used to extort victim networks out of significant sums of money. Furthermore, threat actors are now coupling ransomware with multiple toolkits or other malware families to gain stronger footholds into an environment.”
This points again to the increased sophistication of cybercrime. FireEye adds that ransomware attackers don’t need to access the “most sensitive” parts of a company; they just need to get hold of systems that will “disrupt business processes.”
Enterprise Times in the UK warned of fake browser updates in March 2019, quoting cloud provider Memset’s Head of Security, Thomas Owen, as warning:
“Many of these exploits require vulnerabilities in the browser or Operating System, ensuring the user’s browser and OS are up to date (and have automatic patches) and running a reputable antivirus product will protect you from the majority of these issues.”
Organisation-wide security awareness will help
Owen adds that some browser security plugins can help but that “good hygiene” is key, including avoiding less reputable websites. This is an important part of security awareness, coupled with knowing what kinds of attacks, like FakeUpdates, can ensue from browsing the internet or clicking an unexpected pop-up.
Engage your staff with scenario-based security awareness training or “In-the-Moment” training.
Ransomware attacks are increasing in the UK
IT Pro reported early this September that UK businesses had seen a 195% increase in ransomware attacks this year, but that ransomware is still low on the list of potential cyber-attacks facing companies.
Interestingly, in the same study, US businesses had seen a 21% decline in the number of attacks. IT Pro cites the study by AT&T Cybersecurity, in which 40% of cyber security professionals believe that it should be illegal for a company to comply with a ransomware demand, while over 40% would consider paying a ransom for easy restoration of corporate systems. AT&T’s lead product manager, Rick Langston, says:
“Organisations are still struggling when it comes to ransomware. Many do not know the best practices when it comes to ransomware, or worse, do not feel confident to handle attacks efficiently.”
It emerged in July this year that the UK’s largest private forensic company, Eurofins Scientific, which serves much of the UK’s police force, was the victim of a ransomware attack. Reporting suggests that “immediate steps” to respond to the attack included paying the ransom. The same report mentioned the ransomware attack on the NHS in 2017, which led to the cancellation of 19,000 patient appointments.
Another ransomware attack in June 2019 cost aluminium producer Norsk Hydro £45 million. The global company, with 170 locations in 40 countries and 22,000 computers, completely lost all its systems, but it didn’t pay the ransom.
Norsk Hydro didn’t even respond to the cybercriminals. It incurred the £45 million costs for downtime and recovery, which took months. However, according to a BBC report, the company gained in reputation after being open and honest about the experience and is held up as a “gold standard” example of how to deal with a security breach. The same report suggests some well-known companies have secretly paid ransoms to hackers without ever revealing the cyber-attack to the public or to shareholders.
Here at The Defence Works we’ll tell you cybersecurity systems and processes are essential, but so too is company-wide cybersecurity awareness in order to plan and to meet the challenge of any form of cyber-attack your business may face.